Slashback

Journal: Empirical Data on the "Slashdot Effect"

You may wonder what exactly happens to a site when Slashdot sends its legions of page requests to it. Well, The Metric System blog has an analysis of what happened on November 6th when they received 31,218 page views. You see the breakdown by site and you also see an increase in traffic by 89,094%. While this may be anecdotal, it's the first time I've seen hard numbers on the Slashdot/Digg effect.
User Journal

Journal: What constitutes a good hash anyway? 3

In light of the NIST complaint that there are so many applicants for their cryptographic hash challenge that a good evaluation cannot be given, I am curious as to whether they have adequately defined the challenge in the first place. If the criteria are too loose, then of course they will get entries that are unsuitable. However, the number of hashes entered does not seem to be significantly more than the number of encryption modes entered in the encryption mode challenge. If this is impossible for them to evaluate well, then maybe that was also, in which case maybe we should take their recommendations over encryption modes with a pinch of salt. If, however, they are confident in the security and performance of their encryption mode selections, what is their real objection in the hashing challenge case?

But another question one must ask is why there are so many applicants for this, when NESSIE (the European version of this challenge) managed just one? Has the mathematics become suddenly easier? Was this challenge better-promoted? (In which case, why did Slashdot only mention it on the day it closed?) Were the Europeans' criteria that much tougher to meet? If so, why did NIST loosen the requirements so much that they were overwhelmed?

These questions, and others, look doomed to not be seriously answered. However, we can take a stab at the criteria and evaluation problem. A strong cryptographic hash must have certain mathematical properties. For example, the distance between any two distinct inputs must be unconnected to the distance between the corresponding outputs. Otherwise, knowing the output for a known input and the output for an unknown input will tell you something about the unknown input, which you don't want. If you have a large enough number of inputs and plot the distance of inputs in relation to the distance in outputs, you should get a completely random scatter-plot. Also, if you take a large enough number of inputs at fixed intervals, the distance between the corresponding outputs should be a uniform distribution. Since you can't reasonably test 2^512 inputs, you can only apply statistical tests on a reasonable subset and see if the probability that you have the expected patterns is within your desired limits. These two tests can be done automatically. Any hash that exhibits a skew that could expose information can then be rejected equally automatically.

This is a trivial example. There will be other tests that can also be applied automatically that can weed out the more obviously flawed hashing algorithms. But this raises an important question. If you can filter out the more problematic entries automatically, why does NIST have a problem with the number of entries per se? They might legitimately have a problem with the number of GOOD entries, but even then all they need to do is have multiple levels of acceptance and an additional round or two. E.g.: at the end of human analysis round 2, NIST might qualify all hashes that are successful at that level as "sensitive-grade" with respect to FIPS compliance, so that people can actually start using them, then have a round 3 which produces a pool of 3-4 hashes that are "classified-grade" and a final round to produce the "definitive SHA-3". By adding more rounds, it takes longer, but by producing lower-grade certifications, the extra time needed to perform a thorough cryptanalysis isn't going to impede those who actually use such functions.

(Yes, it means vendors will need to support more functions. Cry me a river. At the current scale of ICs, you can put one hell of a lot of hash functions onto one chip, and have one hell of a lot of instances of each. Software implementations are just as flexible, with many libraries supporting a huge range. Yes, validating will be more expensive, but it won't take any longer if the implementations are orthogonal, as they won't interact. If you can prove that, then one function or a hundred will take about the same time to validate to accepted standards. If the implementations are correctly designed and documented, then proving the design against the theory and then the implementation against the design should be relatively cheap. It's crappy programming styles that make validation expensive, and if you make crappy programming too expensive for commercial vendors, I can't see there being any problems for anyone other than cheap-minded PHBs - and they deserve to have problems.)
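
The two automatic checks described in the journal entry above, as an added example that is not part of the original journal. It assumes Hamming distance as the "distance", uses SHA-256 from Python's `hashlib` as the well-behaved function, and a constructed `xor_fold` toy as the skewed one; under that metric an ideal 256-bit hash flips each output bit with probability 1/2, so the mean output distance sits near 128 bits.

```python
import hashlib
import random
import statistics

def hamming(a: bytes, b: bytes) -> int:
    """Bits that differ between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def sha256(msg: bytes) -> bytes:
    return hashlib.sha256(msg).digest()

def xor_fold(msg: bytes) -> bytes:
    """Constructed weak 'hash' for contrast: XOR the message's 32-byte blocks."""
    out = bytearray(32)
    for i, byte in enumerate(msg):
        out[i % 32] ^= byte
    return bytes(out)

def pearson(xs, ys) -> float:
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var = sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)
    return cov / var ** 0.5

def distance_correlation(hash_fn, trials=3000, seed=1) -> float:
    """Test 1: correlate input distance with output distance over random pairs."""
    rng = random.Random(seed)
    d_in, d_out = [], []
    for _ in range(trials):
        msg = bytearray(rng.getrandbits(8) for _ in range(64))
        other = bytearray(msg)
        k = rng.randint(1, 64)                  # number of input bits to flip
        for bit in rng.sample(range(512), k):
            other[bit // 8] ^= 1 << (bit % 8)
        d_in.append(k)
        d_out.append(hamming(hash_fn(bytes(msg)), hash_fn(bytes(other))))
    return pearson(d_in, d_out)

def mean_step_distance(hash_fn, count=2000) -> float:
    """Test 2: mean output distance between inputs at a fixed interval of 1."""
    digests = [hash_fn(i.to_bytes(8, "big")) for i in range(count + 1)]
    return statistics.fmean(hamming(a, b) for a, b in zip(digests, digests[1:]))

if __name__ == "__main__":
    for name, fn in (("sha256", sha256), ("xor_fold", xor_fold)):
        print(f"{name}: r={distance_correlation(fn):+.3f} "
              f"mean step distance={mean_step_distance(fn):.1f} bits")
```

A candidate whose correlation is far from 0, or whose mean step distance is far from half the digest width, is the kind of entry that could be rejected without human analysis.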

Music

Journal: Free MP3s From Amazon

I hate to sound like an Amazon fanboy ... what with their 1-click patent crap and all ... but if you've read my comments related to anti-DRM you know I love their MP3 service. It's completely DRM-less (unlike Apple's) and has quite the selection. Well, today I discovered that the yet to be released David Byrne & Brian Eno album has a free MP3 listed for download on Amazon.

This excites me as I hope to see all music distributors (labels, retailers, sites, etc) move towards a model similar to that of Afternoon Records site where the artists pick one or two songs from each album to be distributed for free. Although this doesn't satisfy the N'Syncs and Britney Spears of the music world (where one pop single should sell an entire album of 95% filler), it completely draws me into purchasing more and more music from artists that write their own music.

These selections still seem few and far between on Amazon (Brian Setzer, Ted Nugent & The Apples in Stereo are the only others I can find at the moment) but let's hope this spreads.
User Journal

Journal: Linus Torvalds' Blog 1

I can't tell if this is legit or not but Torvalds may be blogging. It's just inane enough that it might be him though it doesn't have the same feel as his posts that I've read at the KernelTrap.

For example, he seems to use _exclamation_ on kernel threads instead of exclamation like the blog has.
User Journal

Journal: Enforcers

There's a worthwhile This American Life episode about 419 scammers (Act I just past the intro).

Quite interesting (and I must admit it's more than a little amusing). It begs the question: Do 419 scammer scammers take their anti-scamming too far?
User Journal

Journal: Beowulf MMORGs 3

Found this interesting site, which is focussing on developing grid computing systems for gaming. The software they seem to be using is a mix of closed and open source.

This could be an important break for Linux, as most of the open source software being written is Linux compatible, and gaming has been the biggest problem area. The ability to play very high-end games - MMORGs, distributed simulators, wide-area FPS, and so on, could transform Linux in the gaming market from being seen as a throwback to the 1980s (as unfair as that is) to being considered world-class.

(Windows machines don't play nearly so nicely with grid computing, so it follows that it will take longer for Microsoft and Microsoft-allied vendors to catch up to the potential. That is time Linux enthusiasts can use to get a head-start and to set the pace.)

The question that interests me is - will they? Will Linux coders use this opportunity of big University research teams and big vendor interest to leapfrog the existing markets completely and go straight for the market after? Or will this be seen as not worth the time, the same way that a lot of potentially exciting projects have petered out (e.g.: Open Library, Berlin/Fresco, KGI, OpenMOSIX)?

Music

Journal: Artists Rebel Against iTunes Over Album Sales 2

Artists like the eloquent poet Kid Rock are taking a stand against iTunes as they continue to see album sales fall while their hit singles skyrocket in sales on the popular music distribution application. He will be joining Jay-Z in not putting his latest album up for sale on iTunes. I guess Kid's fans were either sending him a message he didn't want to hear or it's just not fair to give consumers a choice. Either way, the world will mourn the loss of Kid's music on iTunes. </sarcasm>
User Journal

Journal: Political ads on Slashdot

I grow weary of the 2008 election political ads which adorn the pages of Slashdot nowadays. McCain seems to have a firm grasp on Slashdot's ad space, something which I'm sure is not purposeful on the part of the powers-that-be, but rather a well-targeted campaign from the McCain camp. This Jim Gerlach running for the PA 6th also has many ads, but the number of the AZ senator's impressions simply dwarfs that of Mr. Gerlach.

McCain's policies would do little more than hurt the average Slashdotter, so I question why the ancient senator would bother trying. Slashdot is decidedly libertarian in thought, even though its clientèle may vote Democrat or Republican most of the time. If my assessment is incorrect, then I would assume that Obama would have more of a chance of wooing Slashdotters--he's already gained support from the likes of Lawrence Lessig, Wil Wheaton, and Randall Munroe.

I would honestly like to see Bob Barr advertise on Slashdot, even if just to further spread the message of liberty and Constitutionalism.

User Journal

Journal: The Lost Tapes of Delia Derbyshire

Two hundred and sixty seven tapes of previously unheard electronic music by Delia Derbyshire have been found and are being cataloged.

For those unfamiliar with Delia Derbyshire, she was one of the top pioneers of electronic music in the 1950s and 1960s. One of her best-known pieces was the original theme tune to Doctor Who. According to Wikipedia, "much of the Doctor Who theme was constructed by recording the individual notes from electronic sources one by one onto magnetic tape, cutting the tape with a razor blade to get individual notes on little pieces of tape a few centimetres long and sticking all the pieces of tape back together one by one to make up the tune".

Included in the finds was a piece of dance music recorded in the mid-60s which, when examined by contemporary artists, was revealed to be something that would be considered better-quality mainstream today. Another piece was incidental music for a production of Hamlet.

The majority of her music mixed wholly electronic sounds, from a sophisticated set of tone generators and modulators, and electronically-altered natural sounds, such as could be made from gourds, lampshades and voices.

User Journal

Journal: Vatican Prepares for Possibility of Extraterrestrial Life 4

How robust is your religion? Have all the boundary cases been tested and thought out or does it have more holes and contradictions than the USSR's Penal System? Well, the Vatican is shoring up some questionable parts of Catholicism in regards to those pesky extraterrestrials that may or may not exist. In fact, some major theologians are speculating that each sentient creature would need its own Jesus Christ to save them from certain doom while others claim that it was a one shot deal for everybody. Still others speculate that there could be an alien race that never committed sin. Guess the movies have it wrong. A recent Vatican Newsletter proclaims: "The extraterrestrial is my brother."
